Docstoc

Configuring and Managing Computer Security

Document Sample
Configuring and Managing Computer Security Powered By Docstoc
					Configuring and Managing
   Computer Security
                Chapter 14
1. You are the administrator of 10 Windows XP Professional computers that are members of a Windows 2000
  domain. Because the computers are used in a public area you audit all security events on the computers. A user
  named IT2 Salazar reports that while he was using one of the computers it suddenly shut down with a STOP
  error. When the computer restarted, IT2 Salazar attempts to log on by using the same user name and password
  that he used before, but receives the following error message: "Your account is configured to prevent you from
  using this computer. Please try another computer." IT2 states that he did not do anything to cause the STOP
  error to occur. You want to ensure that IT2 Salazar can get his homework done on this computer. What should
  you do?

    A. On the computer, save and clear the security log, set the CrashOnAuditFail setting to 1, and restart the
    computer.

    B. On the computer, modify the local audit policy so that system events are not audited, set the
    CrashOnCtrlScroll setting to 1, and restart the computer.

    C. In the domain, modify IT2's LogonWorkstations list to include the name of the computer.

    D. In the domain, modify IT2's account properties to unlock the account.
2. The network in the MCP classroom contains 23 Windows XP Professional computers that were installed by
   using a RIS image. These computers also use a security template named Standard.inf, which you created and
   applied to the computers. Navy Information Assurance (IA) releases a new security template named
   Corporate.inf which you are instructed to apply to all 23 computers in the classroom. You are tasked to make a
    list of all policies that are defined in the Corporate.inf but that are not already enforced on the computers. You
    import Corporate.inf into the Security Configuration and Analysis console on your computer. Which policies
    should you document?

                                                           A. The policies that are displayed with an
                                                           X or an exclamation point in the analysis.

                                                           B. The policies that are displayed with a
                                                           check mark in the analysis .

                                                           C. The policies that are displayed as
                                                           Enabled in the Computer Setting column .

                                                           D. The policies that are displayed as
                                                           Disabled in the Computer Setting column
                                                           .
3. You are the desktop administrator IT”A” School. The school's network contains 1,000 Windows XP Professional
  computers, which are members of a single Active Directory domain and all the computers’ hard disks are formatted
  as NTFS. The school's software developers release a new custom application that uses a .dll file named
  AppLib.dll, which is installed in a folder named \Program Files\Eagle\OpsApp. The school's help desk technicians
  report that several users are experience problems when they use the application because the AppLib.dll file was
  deleted on their client computers. The school's software developers recommend that you modify the file
  permissions on AppLib.dll so that users have only Read permission on the file. You need to ensure that all users
  have only Read permission on the AppLib.dll file on all 1,000 Windows XP Professional computers. What should
  you do?

    A. Write a logon script that moves the AppLib.dll file into the %systemroot%\System32 folder. Ensure that Windows File
    Protection is enabled on all 1,000 Windows XP Professional computers. Apply the logon script to all domain user
    accounts.

    B. Repackage the customer application in a Windows Installer package. Ask a domain administrator to create a Group
    Policy object (GPO) that advertises the package to all domain user accounts.

    C. Use the Security Configuration and Analysis console to create a new security template that modifies the file permissions
    on AppLib.dll. Use the Active Directory Group Policy to import and apply the template to all 1,000 Windows XP
    Professional computers.

      D. Write a Microsoft Visual Basic Scripting Edition (VBScript) file named Modify.vbs that modifies the file permissions on
      AppLib.dll. E mail Modify.vbs to all company employees
4. You are the desktop administrator for ITOF which has a network that consist of a single Microsoft Windows NT
  domain with 2000 Windows XP Professional computers. The IA department releases a new security template
  named New.inf. You are tasked to apply this new template to all 2000 computers. You use the Security
  Configuration and Analysis console to import New.inf into a security database named Security.sdb. Copy
  Security.sdb to a folder named Sec on a server named Eagle1. How will you apply New.inf to the computers?



    A. Use the Security Configuration and Analysis console to export a template named New.inf from
    Security.sdb. Copy New.inf to each client computer.

    B. Write a logon script that copies Security.sdb to the %systemroot%\System32 folder on each client
    computer.

    C. Copy Security.sdb to the Netlogon shared folder on each domain controller.

    D. Write a logon script that runs the Secedit /configure /db \\Eagle1\Sec\Security.sdb command. Apply the
    logon script to all domain user accounts.
5. The IT schoolhouse’s network contains 500 Windows XP Professional computers. The IA department releases
 a new security template named NewSec.inf. You import NewSec.inf into a security database named
 NewSec.sdb. You analyze the result, and you review the changes that the template makes. You examine the
  security policies that are defined in NewSec.inf and discover that the settings in NewSec.inf have not been
  implemented on your computer. You need to ensure that the settings in NewSec.inf overwrite the settings in your
 computer's local security policy. What are two possible ways to achieve this goal? (Each correct answer
 presents a complete solution. Choose two.)

    A. Run the Secedit /configure /db C:\NewSec.sdb command.

    B. Run the Secedit /refreshpolicy machine_policy command.

    C. Copy NewSec.inf to the C:\Windows\Inf folder.

    D. Copy NewSec.sdb to the C:\Windows\System32\Microsoft\Protect folder.

    E. Use the Security Configuration and Analysis console to open NewSec.sdb and then to perform a
    Configure operation.

    F. Use the Security Configuration and Analysis console to export NewSec.sdb to the Defltwk.inf security
    template.
6. The network for the ITOF School contains 1000 Windows XP Professional computers that are configured with
  the students.inf security template. One of the network administrators in the Main building creates a new security
  template named instructors.inf which is designed to be applied to all computers; however the users in the school
  have different security requirements from the users in the main building. You need to find out whether the new
  security template will violate the requirements of the school, what should you do?


    A. Run the Secedit.exe command in validation mode and specify the new security template.

    B. Run the Secedit.exe command in configuration mode and specify the new security template.

    C. Use the Security Configuration and Analysis console to import both templates into a security database,
    and then perform an Analyze operation.

    D. Use the Security Configuration and Analysis console to import both templates into a security database,
    and then perform a Configure operation.
7. The IT administrator for ITOF creates a custom policy that will apply to a custom application that is loaded on
   the instructor's Windows XP Professional computers. He deploys this policy by using Group Policy. When you
   inspect the instructor's computers, you find out that the application has not been modified by the policy. You
   want to examine Windows XP Professional to find out whether the custom policy is affecting the correct location
   in the Registry. Which command should you run?



    A. Msinfo32.exe

    B. Gpresult.exe

    C. Gpedit.msc

    D. Rsop.msc
8. The IT administrator for the school needs to distribute a custom application to the Windows XP Professional
   computers in the A+ classroom. He deploys the software by using Group Policy. Mr. Dowling is an instructor
   in the A+ classroom. He reports that the custom application is not available. You examine his computer, and
   you verify that the application is not present. You want to ensure that the software is deployed the next time
   Mr. Dowling logs on. Which command should you run?



    A. Secedit /refreshpolicy user_policy /enforce

    B. Secedit /refreshpolicy machine_policy /enforce

    C. Gpupdate /target:computer /sync

    D. Gpupdate /target:user /sync
9. The IA department releases a new security requirement that states that the Telnet service may not be started on
   any government-owned client computer. You need to create a new security template that prevents the Telnet
   service from starting on government-owned client computers. You open the Security Configuration and
   Analysis console on your Windows XP Professional computer. Which portion of the console do you need to
   configure?




                                                                System Services
10. The IT office needs to distribute three custom applications to the schoolhouse’s Windows XP Professional
    computers. They deploy these applications using a Group Policy. Some users report that they must log on
    several times before the newly deployed applications are present on their computers. What should you do to
    ensure that all software is deployed the next time the users log on?

    A. Enable the Always wait for the network at computer startup and logon policy.

    B. Enable the Always use classic logon policy.

    C. Enable the Turn off background refresh of Group Policy policy.

    D. Enable the Group Policy slow link detection policy.
11.   IT1 Joseph frequently travels to different commands to deliver MCP training. Because he travels his Windows XP
      Professional portable computer has a smart card reader for security. IT1 request that you configure his computer to enable
      dial in to the schoolhouse network when he is traveling. Navy IA security policies state that dial-in users must use a
      smartcard when they connect to the network and that users use the strongest form of data encryption possible. Policy also
      directs that client computers must disconnect if the Routing and Remote Access server does not support both smartcard
      authentication and the strongest possible authentication. Your task is to configure the dial-up connection properties on IT1
      Joseph’s computer to dial in to the schoolhouse network making sure that Navy security policies are enforced. Which three
      action should you take? (Each correct answer presents part of the solution, Choose 3)

      A. Select the Advanced (custom settings) security option.

      B. Select the Require data encryption check box.

      C. Select the Typical (recommended settings) security option.

      D. Select the Use smart card item from the Validate my identity as follows list.

      E. Select the Maximum strength encryption item from the Data encryption list.

      F. Select the Allow these protocols option, and select the MS-CHAP v2 check box.

      G. Select the Extensible Authentication Protocol (EAP) option, and select Smart Card or other Certificate from the EAP
         list.
12. You are the administrator of a Windows XP Professional computer named Trust which is connected to the
    internet and provides internet access to nine other computers. Trust has Internet Connection Sharing (ICS)
    and Internet Connection Firewall (ICF) enabled. You run an application named Honor on Trust that
    communicates with an online training Command on the Internet. In order to display an online the training
    Command needs to contact the Honor application at port 5800. You want to ensure that the training Command
    can connect to the Honor application, what should you do?

       A. Configure ICF to enable the Internet Control Message Protocol (ICMP) Allow redirect option. Then start
       the Honor application that opens port 5800.

       B. Create a new service definition named Honor. Use port 5800 as the external and internal port number.

       C. Edit the %systemroot%\System32\Drivers\Etc\Services file on Trust to include a service definition
       named Honor for port 5800.

        D. Change the TCP/IP settings on Trust to enable TCP/IP filtering. Permit network traffic on port 5800.
13. You are the desktop administrator for ITOF where all instructors have Windows XP Professional computers
    and members of the local Users group on their own computers. An instructor in A+ has a removable disk
    cartridge drive on his computer. The disk cartridge contains an unsupported, third-party file system.
    Whenever the instructor tries to save data to the disk cartridge, they are prompted to reformat the disk
    cartridge. However, they receive an “access denied” error message when attempting to reformat. You need to
    enable the instructors to save testing data to the disk cartridge. What should you do?

       A. Instruct the user to format the cartridge as FAT32.

       B. Remove the Read-only attribute from the disk cartridge.

       C. Add the user to the Power Users local group on the computer.

       D. Grant the user Allow - Full Control permission on the disk cartridge.

       E. Configure the local security settings to allow the user to format and eject removable media.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:9
posted:8/12/2011
language:English
pages:14